[pve-devel] firewall : question about dhcp option rule

Dietmar Maurer dietmar at proxmox.com
Wed Mar 19 12:23:36 CET 2014


> I just notice that in
> 
> ruleset_create_vm_chain{
> ...
>     if (!(defined($options->{dhcp}) && $options->{dhcp} == 0)) {
>         ruleset_addrule($ruleset, $chain, "-p udp -m udp --dport 67:68 -j
> ACCEPT");
>     }
> ..
> 
> }
> 
> 
> we create the rule in both direction, and with an ACCEPT.
> 
> is it normal ?
> 
> (we should never do an accept in tap-out chain)

I guess you found a bug!




More information about the pve-devel mailing list